summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-08-17 15:49:57 +0200
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-08-17 15:49:57 +0200
commitc3896495942392f1a792da1cafba7a573cbf6fc2 (patch)
tree1a042845b7a57118b1eb993b6dacdfe9cca7d440
parentAUDIT: Fix task refcount leak in audit_filter_syscall() (diff)
downloadlinux-c3896495942392f1a792da1cafba7a573cbf6fc2.tar.xz
linux-c3896495942392f1a792da1cafba7a573cbf6fc2.zip
AUDIT: Speed up audit_filter_syscall() for the non-auditable case.
It was showing up fairly high on profiles even when no rules were set. Make sure the common path stays as fast as possible. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r--kernel/auditsc.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a73176eaa57d..818ef9fdab3c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -513,20 +513,23 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
struct list_head *list)
{
struct audit_entry *e;
- enum audit_state state;
- int word = AUDIT_WORD(ctx->major);
- int bit = AUDIT_BIT(ctx->major);
+ enum audit_state state;
if (audit_pid && tsk->tgid == audit_pid)
return AUDIT_DISABLED;
rcu_read_lock();
- list_for_each_entry_rcu(e, list, list) {
- if ((e->rule.mask[word] & bit) == bit
- && audit_filter_rules(tsk, &e->rule, ctx, &state)) {
- rcu_read_unlock();
- return state;
- }
+ if (!list_empty(list)) {
+ int word = AUDIT_WORD(ctx->major);
+ int bit = AUDIT_BIT(ctx->major);
+
+ list_for_each_entry_rcu(e, list, list) {
+ if ((e->rule.mask[word] & bit) == bit
+ && audit_filter_rules(tsk, &e->rule, ctx, &state)) {
+ rcu_read_unlock();
+ return state;
+ }
+ }
}
rcu_read_unlock();
return AUDIT_BUILD_CONTEXT;
@@ -1023,7 +1026,6 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
} else {
audit_free_names(context);
audit_free_aux(context);
- audit_zero_context(context, context->state);
tsk->audit_context = context;
}
out: